CVE-2020-11486

Severity
9.8 CRITICAL
EPSS
2.1%
top 15.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 29
Latest update: May 24

Description

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: intel/bmc_firmware < 3.38.30
CVEListV5: nvidia/nvidia_dgx_servers, All DGX-1 Servers with BMC firmware versions prior to 3.38.30

Vulnerability Details (2)

GHSA
GHSA-64v7-px34-rqmh: NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3 (2022-05-24)
CVEList
CVE-2020-11486: NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3 (2020-10-29)